TLS keys, disk encryption keys, and service passwords are examples of sensitive data that needs to be kept away from prying eyes, yet still needs to be readily available to automated processes. Storing passwords and secrets in config files in your version control system potentially exposes that data to actors who shouldn’t have it. Barbican provides a secure repository to store such data and the controls to ensure only authorized users can get to that data.
As part of Symantec’s enterprise cloud initiative, we are deploying Barbican to handle not only our own OpenStack Key Management needs, but also as a Key Management as a Service option for our product groups. Our journey with Barbican has been fraught with challenges, and in this talk we will share our experience and lessons learned along the way.
Some of the topics to be covered:
Our use cases for Barbican
How we’ve deployed Barbican
Operationalizing Barbican
Our practices and lessons learned